How to Setup ELK Stack on Debian 9 / Debian 8

The ELK stack is a full-featured data analytics platform consisting of Elasticsearch, Logstash, and Kibana. It lets you store and manage logs centrally and analyze issues by correlating the events that occurred at a particular time.

Install Elasticsearch

To begin with, we will install the Elasticsearch server, an open-source search engine based on Lucene. It provides a real-time, distributed, multitenant-capable full-text search engine with an HTTP interface and schema-free JSON documents.

Elasticsearch stores the data sent by Logstash and serves it to Kibana on the user's request. The ELK stack can be obtained easily from Elastic Co by setting up its official repository.

Install Logstash

Logstash is an open-source data-collection and log-parsing engine. It collects logs, parses them, and stores them in Elasticsearch for searching. Over 160 plugins are available for Logstash, which gives it the capability to process different types of events with no extra work.

apt-get install -y logstash

Create SSL certificate for Logstash

The forwarder (Filebeat) that we install on the client machines uses an SSL certificate to validate the identity of the Logstash server, so that logs are transmitted securely.

Create the SSL certificate with either the hostname or an IP SAN (Subject Alternative Name).

Option 1: (Hostname or FQDN)

If you plan to use the hostname in the Beats (forwarder) configuration, then make sure the client machines are able to reach the Logstash server using that hostname.

Go to the OpenSSL directory.

cd /etc/ssl/

Now, create the SSL certificate with OpenSSL. Replace "green" with the hostname of the Logstash server.
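As an added example, not the tutorial's own command, the POSIX shell helper below generates a self-signed Logstash server certificate whose SAN carries either the hostname (option 1) or the IP address, and a second helper checks that the SAN actually ended up in the certificate, which is what Filebeat will verify. The function names, the output file names and the sample hostname green.example.com are assumptions made for this example.

```shell
# make_logstash_cert <dns|ip> <name> <outdir>
# Writes <outdir>/logstash-forwarder.key and .crt (file names chosen for this example).
make_logstash_cert() {
    kind="$1"; name="$2"; out="$3"
    mkdir -p "$out"
    case "$kind" in
        dns) san="DNS:$name" ;;      # option 1: hostname / FQDN
        ip)  san="IP:$name"  ;;      # option 2: IP SAN
        *)   echo "kind must be dns or ip" >&2; return 1 ;;
    esac
    # Minimal OpenSSL config: the CN plus the SAN that Beats checks.
    cat > "$out/logstash.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_req
prompt             = no
[ dn ]
CN = $name
[ v3_req ]
subjectAltName = $san
EOF
    # Self-signed, unencrypted key (-nodes) so Logstash can load it unattended.
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -config "$out/logstash.cnf" \
        -keyout "$out/logstash-forwarder.key" \
        -out "$out/logstash-forwarder.crt" 2>/dev/null
    # The private key must only be readable by the Logstash service account.
    chmod 600 "$out/logstash-forwarder.key"
}

# san_in_cert <crtfile> <san-text>: succeeds only if the SAN text is present
# in the certificate, e.g. "DNS:green.example.com" or "IP Address:192.0.2.10".
san_in_cert() {
    openssl x509 -in "$1" -noout -text | grep -q "$2"
}
```

Copy the resulting .crt to each client for Filebeat's certificate_authorities setting; the .key stays on the Logstash server.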